Free Cheat-test Samples and Demo Questions Download
Adobe exams Adobe
Apple exams Apple
Avaya exams Avaya
Check Point exams Check Point
Cisco exams Cisco
Citrix exams Citrix
CIW exams CIW
CompTIA exams CompTIA
EC-Council exams EC-Council
EMC exams EMC
Exin exams Exin
Fortinet exams Fortinet
Hitachi exams Hitachi
HP exams HP
IBM exams IBM
Isaca exams Isaca
ISC exams ISC
Juniper exams Juniper
LPI exams LPI
McAfee exams McAfee
Microsoft exams Microsoft
Oracle exams Oracle
PMI exams PMI
Riverbed exams Riverbed
SNIA exams SAP
Sun exams SAS
Symantec exams Symantec
VMware exams VMware
All certification exams

Symantec 250-501 Exam -

Free 250-501 Sample Questions:

1. Which three organizations actively monitor the release of patches and upgrades from vendors? (Choose three.)
B. Microsoft
C. Symantec
D. Security Focus
E. Sun Microsystems
Answer: ACD

2. Which two types of policies are supported by Symantec Host IDS? (Choose two.)
A. basic
B. stock
C. default
D. custom
Answer: BD

3. Which communications method does the Symantec Enterprise Security Architecture Manager use to communicate with the Symantec Enterprise Security Architecture DataStore?
Answer: A

4. What does a Symantec ManHunt watchdog group provide?
A. sniffer detection
B. node redundancy
C. sensor aggregation
D. third-party event aggregation
Answer: B

5. What are three characteristics of Symantec ManHunt's response module? (Choose three.)
A. is priority-based
B. initiates traffic record
C. acts on classes of attacks
D. analyzes aggregated events
Answer: ABC

6. Which two benefits does Symantec Decoy Server provide? (Choose two.)
A. zero day attack detection
B. real-time network sniffing
C. early warning intrusion sensors
D. improved host-based intrusion performance
Answer: AC

7. Which two statements are true about intrusion protection? (Choose two.)
A. Intrusion protection devices only act as a perimeter defense against known attack patterns.
B. Intrusion protection technology must be combined with vulnerability assessment tools.
C. Intrusion protection solutions must include services that actively block malicious processes.
D. Intrusion protection can consist of any combination of host-based and network-based intrusion sensors.
Answer: CD

8. Which two technologies act as intrusion protection sensors? (Choose two.)
A. routers
B. host agents
C. deception hosts
D. managed switches
Answer: BC

9. Which two conditions affect the performance of network-based intrusion detection systems? (Choose two.)
A. local area network traffic congestion
B. resource utilization on sensor nodes
C. presence of a host-based intrusion detection system
D. concurrent support for intrusion detection across multiple platforms
Answer: AB

10. Which method is used by host-based intrusion protection systems to monitor file tampering and integrity?
A. file locking
B. disk encryption
C. checksum lists
D. operating system permissions
Answer: C

11. Which condition affects the performance of host-based intrusion detection system?
A. fragmented network traffic
B. resource utilization on monitored nodes
C. presence of a network-based intrusion detection system
D. concurrent support for intrusion detection across multiple platforms
Answer: B

12. What is a characteristic unique to a host-based intrusion protection solution?
A. service specific
B. protocol specific
C. topology specific
D. operating system specific
Answer: D

13. To which mode must you set the network interface on a network intrusion detection sensor to collect all packets?
A. report
B. receive
C. transfer
D. promiscuous
Answer: D

14. Which type of file provides vital information to a host-based intrusion detection system?
A. log
B. system
C. initialization
D. configuration
Answer: A

15. Which three types of traffic patterns do anomaly-based sensors report? (Choose three.)
A. allowed
B. overflow
C. suspicious
D. not allowed
Answer: BCD

16. Which three types of analyzers do anomaly-based sensors use? (Choose three.)
A. file
B. trend
C. packet
D. statistical
Answer: BCD

17. Which type of attacks are anomaly-based intrusion detection systems primarily designed to detect?
A. novel
B. known
C. host-based
D. network-based
Answer: A

18. Which type of intrusion detection solution is most likely to require regular updates to remain effective?
A. host-based
B. network-based
C. anomaly-based
D. signature-based
Answer: D

19. Which type of device is associated with passive intrusion detection strategies?
A. firewall
B. packet filter
C. network sniffer
D. management console
Answer: C

20. Which two states are monitored by statistical anomaly filters to detect changes in network activity? (Choose two.)
A. protocol traffic rates
B. changes in file sizes
C. user account misuse
D. users' activity over the network
Answer: AD

21. Which two actions are an integral part of an effective computer incident response strategy? (Choose two.)
A. investigate the source and details of the incident
B. take legal action against whoever caused the incident
C. track activity of attackers beyond the corporate network
D. respond to the incident by preventing future exploits of the same kind
Answer: AD

22. Which activity compromises the integrity of forensic data collected during an incident response investigation of HostA?
A. modification of firewall settings to collect additional forensic data
B. modification of the system files on HostA to block further intrusions
C. modification of the network intrusion detection system's signature files
D. modification of the intrusion policy at HostA's IPS sensor to block further intrusions
Answer: B

23. Which three types of network traffic should be considered suspicious by a deception-based intrusion system running on your corporate Intranet? (Choose three.)
A. FTP connection
B. broadcast traffic
C. HTTP get request
D. SSL logon attempt
Answer: ACD

24. What is a possible risk of operating a decoy-based intrusion detection system on your network?
A. Attackers could use the decoy to compromise another system making you liable.
B. Attackers learn how to circumvent your perimeter defense through the decoy.
C. The decoy reduces network performance by generating broadcast traffic on the network.
D. The decoy may give away information about your network and other legitimate systems
Answer: A

25. What are three benefits of decoy-based intrusion detection systems? (Choose three.)
A. Decoys capture encrypted attack activity.
B. Decoys identify and capture new attacks.
C. Decoys permit signature creation to detect complex attacks.
D. Decoys capture fewer events than other intrusion detection systems.
Answer: ABD

26. Which two methods might you use to create custom policies? (Choose two.)
A. build from scratch
B. use the policy template
C. import system registry settings
D. export and modify a stock policy
Answer: AD

27. Which service facilitates the automatic update of Symantec Host IDS stock policies?
A. Symantec LiveUpdate
B. Symantec PolicyEditor
C. Symantec PolicyUpdate
D. Symantec Host IDSUpdate
Answer: A

28. Which two Symantec Host IDS activities does Symantec LiveUpdate perform? (Choose two.)
A. blocks malicious activity
B. patches known vulnerabilities
C. installs new attack signatures
D. updates Symantec Host IDS stock policies
Answer: CD

29. Which solution provides a robust management and reporting framework for Symantec Host IDS?
A. Symantec Security Management System
B. Symantec Host IDS Manager and Agent Tools
C. Symantec Intrusion Protection Enterprise Manager
D. Symantec Enterprise Security Management Console
Answer: A

30. Which two solutions does the Symantec Security Management System (SSMS) provide for Symantec Host IDS? (Choose two.)
A. a reporting framework
B. a management framework
C. a database encryption framework
D. a vulnerability remediation framework
Answer: AB

© 2014, All Rights Reserved